Implement FIDO2 hmac-secret extension

[louib]

From what I understand, this is part of the FIDO2 standard, and will eventually replace the current proprietary HMAC-SHA1 extension used by the YubiKeys and others. Here's the link to the spec, and here is the doc from Yubico.

[peterwilli]

Hey there, I doubt that (in its current form) the FIDO2 standard can replace the proprietary HMAC-SHA1 extension, it has one specific feature not found in FIDO2: You can get the master key before adding it to the device.

This allows for various use cases, for example, you can use this deriving a key for encrypting sensitive files, hard drives, etc., and at the same time have a backup of your master key in cold storage.

In addition, at least as far as I know for NitroKey, entry-level FIDO2 does not require storage on a secure element. In NitroKey, they do not store the HMAC credentials on the secure element, instead it is stored on encrypted flash.

It shouldn't matter much, but it is something to keep in mind.

Additionally, the master key for FIDO2 devices are created in the factory and cannot change at all, not even after a factory reset. This is because FIDO2 is about making every key unique, not about storing recoverable secure keys.

I'd advise to support both features if you want to support FIDO2, as they both have a very different use case.